Ce contenu n'est pas disponible dans la langue sélectionnée.

5.9. Port Forwarding


Using firewalld, you can set up ports redirection so that any incoming traffic that reaches a certain port on your system is delivered to another internal port of your choice or to an external port on another machine.

5.9.1. Adding a Port to Redirect

Before you redirect traffic from one port to another port, or another address, you need to know three things: which port the packets arrive at, what protocol is used, and where you want to redirect them.
To redirect a port to another port:
~]# firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-number
To redirect a port to another port at a different IP address:
  1. Add the port to be forwarded:
    ~]# firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IP
  2. Enable masquerade:
    ~]# firewall-cmd --add-masquerade

Example 5.1. Redirecting TCP Port 80 to Port 88 on the Same Machine

To redirect the port:
  1. Redirect the port 80 to port 88 for TCP traffic:
    ~]# firewall-cmd --add-forward-port=port=80:proto=tcp:toport=88
  2. Make the new settings persistent:
    ~]# firewall-cmd --runtime-to-permanent
  3. Check that the port is redirected:
    ~]# firewall-cmd --list-all 

5.9.2. Removing a Redirected Port

To remove a redirected port:
~]# firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>
To remove a forwarded port redirected to a different address:
  1. Remove the forwarded port:
    ~]# firewall-cmd --remove-forward-port=port=port-number:proto=<tcp|udp>:toport=port-number:toaddr=<IP>
  2. Disable masquerade:
    ~]# firewall-cmd --remove-masquerade

Note

Redirecting ports using this method only works for IPv4-based traffic. For IPv6 redirecting setup, you need to use rich rules. For more information, see Section 5.15, “Configuring Complex Firewall Rules with the "Rich Language" Syntax”.
To redirect to an external system, it is necessary to enable masquerading. For more information, see Section 5.10, “Configuring IP Address Masquerading”.

Example 5.2. Removing TCP Port 80 forwarded to Port 88 on the Same Machine

To remove the port redirection:
  1. List redirected ports:
    ~]# firewall-cmd --list-forward-ports 
    port=80:proto=tcp:toport=88:toaddr=
  2. Remove the redirected port from the firewall::
    ~]# firewall-cmd --remove-forward-port=port=80:proto=tcp:toport=88:toaddr=
  3. Make the new settings persistent:
    ~]# firewall-cmd --runtime-to-permanent
Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.